g2i2r4

Posted 13 August 2005 - 05:06 AM

There's a lot to do on that computer. Let's first get it to the internet.

We'll need to transport some files from the computer you are now using, to the infected computer.

Download smitRem.exe and save the file to your desktop. Right click on the file and extract it to its own folder on the desktop. So you'll get a new folder called smitrem on your desktop. I want you to put that folder on cd, floppy or usb-stick.

On the infected computer, boot again in safe mode and open your task manager again. Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.

Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..). Search for that smitrem folder. Right click on the smitrem folder and choose: Copy.

Now browse again via Task Manager to My Documents or Program Files. Right click somewhere in there, right click and choose: Paste. Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat. Then click open. In the window where it says 'Create new task', click OK.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you won't see the command window the tool starts that is under it. You'll see a blue window now. Follow the prompts on screen. Wait for the tool to complete.

When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now. Reboot to normal mode and post a HijackThis log in your next reply.

g2i2r4

Posted 14 August 2005 - 04:48 AM

Glad that worked! But there's more to be done.

First
The tool we ran created a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

g2i2r4

Posted 14 August 2005 - 04:56 AM

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few-step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You also have a nasty CoolWebSearch infection there. First we will need to download a few tools that will help us in the removal of your problem.

Launch ewido; there should be an icon on your desktop, double-click it. The program will prompt you to update; click the OK button.

The program will now go to the main screen. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update
* Click on Start
* The update will start and a progress bar will show the updates being installed.
* Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06. Check Here on how to set up and use it - please make sure you update it first.

***

Boot into Safe Mode: Restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

***

Please run About:Buster:

Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.

Click Yes to allow it to shutdown explorer.exe.

It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.

When it has finished, click Save Log. Make sure you save it as I need a copy of it later.

Reboot your computer into safe mode again.

Run About:Buster again following the same instructions as above, this time without the restart at the end.

***

Now run CWShredder. Click I Agree, then Fix and then Next; let it fix everything it asks about.

***

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Reboot your computer.

***

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following: